<html>
<head><meta charset="utf-8"><title>cargo deny · t-compiler/rust-analyzer · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/185405-t-compiler/rust-analyzer/index.html">t-compiler/rust-analyzer</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/185405-t-compiler/rust-analyzer/topic/cargo.20deny.html">cargo deny</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="195712919"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/185405-t-compiler/rust-analyzer/topic/cargo%20deny/near/195712919" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> std::Veetaha <a href="https://rust-lang.github.io/zulip_archive/stream/185405-t-compiler/rust-analyzer/topic/cargo.20deny.html#195712919">(Apr 29 2020 at 13:59)</a>:</h4>
<p>Hey guys, has anyone ever used <a href="https://github.com/EmbarkStudios/cargo-deny" title="https://github.com/EmbarkStudios/cargo-deny">cargo-deny</a> as I see it is a superset of <code>cargo-audit</code>, isn't it (i.e. <code>cargo-audit</code>is no loger needed when we have <code>cargo-deny</code>)?</p>



<a name="195726280"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/185405-t-compiler/rust-analyzer/topic/cargo%20deny/near/195726280" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> std::Veetaha <a href="https://rust-lang.github.io/zulip_archive/stream/185405-t-compiler/rust-analyzer/topic/cargo.20deny.html#195726280">(Apr 29 2020 at 15:22)</a>:</h4>
<p>Tried cargo-deny and it is inherently awesome!</p>



<a name="195728538"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/185405-t-compiler/rust-analyzer/topic/cargo%20deny/near/195728538" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> std::Veetaha <a href="https://rust-lang.github.io/zulip_archive/stream/185405-t-compiler/rust-analyzer/topic/cargo.20deny.html#195728538">(Apr 29 2020 at 15:37)</a>:</h4>
<p><span class="user-mention" data-user-id="133169">@matklad</span> we should give it ago instead of <code>cargo audit</code>. It provides not only vulnerabilities scan, but also scan for duplicated deps versions, bad licences and very flexible user-friendly <a href="https://embarkstudios.github.io/cargo-deny/checks/index.html" title="https://embarkstudios.github.io/cargo-deny/checks/index.html">configuration</a>. Embark guys are awesome <span aria-label="heart" class="emoji emoji-2764" role="img" title="heart">:heart:</span></p>



<a name="195728788"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/185405-t-compiler/rust-analyzer/topic/cargo%20deny/near/195728788" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> matklad <a href="https://rust-lang.github.io/zulip_archive/stream/185405-t-compiler/rust-analyzer/topic/cargo.20deny.html#195728788">(Apr 29 2020 at 15:39)</a>:</h4>
<p>tbh, I am not entirely convinced that we need even <code>cargo audit</code>.</p>



<a name="195729206"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/185405-t-compiler/rust-analyzer/topic/cargo%20deny/near/195729206" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> std::Veetaha <a href="https://rust-lang.github.io/zulip_archive/stream/185405-t-compiler/rust-analyzer/topic/cargo.20deny.html#195729206">(Apr 29 2020 at 15:42)</a>:</h4>
<p>So now you don't care about vulnerabilities <span aria-label="smiling devil" class="emoji emoji-1f608" role="img" title="smiling devil">:smiling_devil:</span>?</p>



<a name="195729774"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/185405-t-compiler/rust-analyzer/topic/cargo%20deny/near/195729774" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> matklad <a href="https://rust-lang.github.io/zulip_archive/stream/185405-t-compiler/rust-analyzer/topic/cargo.20deny.html#195729774">(Apr 29 2020 at 15:45)</a>:</h4>
<p>In Rust crates -- not really. I am generally on top of things here:I read our Cargo.lock pretty regularly, and I know which each dependency does and why it is there.</p>



<a name="195733130"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/185405-t-compiler/rust-analyzer/topic/cargo%20deny/near/195733130" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> std::Veetaha <a href="https://rust-lang.github.io/zulip_archive/stream/185405-t-compiler/rust-analyzer/topic/cargo.20deny.html#195733130">(Apr 29 2020 at 16:06)</a>:</h4>
<p>I am not sure you are better than <code>cargo-deny</code>, but whatever</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>